5.1 Security Considerations for Implementers

SHA-1 hashing is not deprecated due to the backward compatibility consideration.

Any form of password authentication can be vulnerable to dictionary or brute-force password-guessing attacks. Proper throttling is to be considered by the implementers of the Peer-to-Peer Grouping Security Protocol.